A closer look at Luckycat

The number of reported targeted attacks – also known as advanced persistent threats, or APTs – has been on the rise, with the Luckycat campaign being a notable example. Unlike indiscriminate attacks, which focus on stealing credit card and banking information and are normally characterized as ‘cybercrime’, targeted attacks are better characterized as ‘cyber espionage’ because of their subversive nature and their ability to infiltrate a target’s networks and extract information as needed.

While the Luckycat campaign is similar to other APT campaigns, careful monitoring allowed security firms to capitalize on mistakes the attackers made, giving a glimpse of their identities and capabilities. The researchers were also able to get a closer look at the attackers’ operations, particularly their use of anonymity tools to cover their tracks. Thorough investigation also allowed the security firms to track down the attackers’ location through the QQ addresses they used. In addition, it was discovered that the Luckycat campaign had a much more diverse set of targets than Symantec had previously disclosed. The researchers also found that the attackers used a combination of free web-hosting servers, which helped them cover their tracks, and virtual private servers (VPSs) for more stable operations. Finally, they traced connections between Luckycat and previously reported APT campaigns such as ShadowNet, which indicates a level of cooperation across campaigns.

Keep in mind that sufficiently motivated attackers can easily penetrate insufficiently protected networks. Apart from putting up firewalls, encrypting data and deploying other protective defenses, organizations should also focus on detecting targeted attacks as soon as they happen. An expanded and layered definition of security due diligence is also a must for most enterprises and government organizations. They should also educate their employees about social engineering, as most of these attacks begin with the simple act of opening a file attachment.


About SCB Enterprises
System Solutions and Integration
